Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.9

    LOW
    CVE-2023-40732

    A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an attacker to perform session hijacking attacks.... Read more

    Affected Products : qms_automotive
    • Published: Sep. 12, 2023
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2023-37540

    Sametime Connect desktop chat client includes, but does not use or require, the use of an Eclipse feature called Secure Storage. Using this Eclipse feature to store sensitive data can lead to exposure of that data. ... Read more

    Affected Products :
    • Published: Feb. 23, 2024
    • Modified: Nov. 29, 2024

  • 3.9

    LOW
    CVE-2015-0849

    pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability.... Read more

    Affected Products : pycode-browser
    • Published: Jun. 26, 2025
    • Modified: Aug. 06, 2025

  • 3.9

    LOW
    CVE-2020-6653

    Eaton's Secure connect mobile app v1.7.3 & prior stores the user login credentials in logcat file when user create or register the account on the Mobile app. A malicious app or unauthorized user can harvest the information and later on can use the informa... Read more

    Affected Products : secureconnect
    • Published: Aug. 12, 2020
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2022-1697

    Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.... Read more

    Affected Products : active_directory_agent
    • Published: Sep. 06, 2022
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2024-31636

    An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component.... Read more

    Affected Products : lief
    • Published: May. 03, 2024
    • Modified: Aug. 21, 2025

  • 3.9

    LOW
    CVE-2019-2807

    Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zones). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure wher... Read more

    Affected Products : solaris solaris
    • Published: Jul. 23, 2019
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2021-35549

    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris execute... Read more

    Affected Products : solaris solaris
    • Published: Oct. 20, 2021
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2020-1987

    An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump". This issue affects Palo Alt... Read more

    Affected Products : globalprotect
    • Published: Apr. 08, 2020
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2018-20896

    cPanel before 71.9980.37 allows code injection in the WHM cPAddons interface (SEC-394).... Read more

    Affected Products : cpanel
    • Published: Aug. 01, 2019
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2023-22656

    Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: May. 16, 2024
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2023-3363

    An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format wa... Read more

    Affected Products : gitlab
    • Published: Jul. 13, 2023
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2020-14264

    "HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK"... Read more

    Affected Products : traveler_companion
    • Published: Oct. 25, 2021
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2023-47282

    Out-of-bounds write in Intel(R) Media SDK all versions and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.... Read more

    Affected Products :
    • Published: May. 16, 2024
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2020-14263

    "HCL Traveler Companion is vulnerable to an iOS weak cryptographic process vulnerability via the included MobileIron AppConnect SDK"... Read more

    Affected Products : traveler_companion
    • Published: Oct. 21, 2021
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2019-2955

    Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logo... Read more

    Affected Products : database database_server
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2019-2954

    Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedur... Read more

    Affected Products : database database_server
    • Published: Oct. 16, 2019
    • Modified: Nov. 21, 2024

  • 3.9

    LOW
    CVE-2025-49597

    handcraftedinthealps goodby-csv is a highly memory efficient, flexible and extendable open-source CSV import/export library. Prior to 1.4.3, goodby-csv could be used as part of a chain of methods that is exploitable when an insecure deserialization vulner... Read more

    Affected Products :
    • Published: Jun. 13, 2025
    • Modified: Jun. 16, 2025
    • Vuln Type: Misconfiguration

  • 3.9

    LOW
    CVE-2025-6139

    A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can on... Read more

    Affected Products : t10_firmware t10
    • Published: Jun. 16, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authentication

  • 3.9

    LOW
    CVE-2025-44657

    In Linksys EA6350 V2.1.2, the chroot_local_user option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for i... Read more

    Affected Products : ea6350_firmware ea6350
    • Published: Jul. 21, 2025
    • Modified: Aug. 07, 2025
    • Vuln Type: Misconfiguration
Showing 20 of 293632 Results